
Tech support's NSFW problem

Tam Harbert | Oct. 30, 2014
Help desk staffers can be caught in the middle when BYOD users get very personal with their devices.

One big concern: As McAfee Labs warns in its 2014 Threat Predictions report, "Attacks on mobile devices will also target enterprise infrastructure. These attacks will be enabled by the now ubiquitous bring-your-own-device phenomenon coupled with the relative immaturity of mobile security technology. Users who unwittingly download malware will in turn introduce malware inside the corporate perimeter that is designed to exfiltrate confidential data."

Today's malware from porn sites is usually not the kind of spyware that's dangerous to enterprises, says Carlos Castillo, mobile and malware researcher at McAfee Labs -- but that could change. "Perhaps in the future, because of the great adoption of BYOD and people using their devices on corporate networks, malware authors could . . . try to target corporate information," he says.

In fact, a proof-of-concept application was recently leaked that is designed to target corporate data from secure email clients, Castillo says. The software used an exploit to obtain root privileges on the device to steal emails from a popular corporate email client, alongside other spyware exploits like stealing SMS messages. "While we still have not seen malware from porn sites that is dangerous to enterprises," Castillo says, "this leaked application could motivate malware authors to use the same techniques using malicious applications potentially being distributed via these [porn] sites."

Beyond security, there could be legal liabilities in play as well, some analysts caution. For example, a corporation might be liable if an IT staffer saw evidence of child porn on a phone.

To be sure, porn sites cause only a small fraction of the problems that users introduce into the enterprise. According to Chester Wisniewski, senior security advisor at Sophos, some 82% of infected sites are not suspicious places like porn sites, but rather sites that appear benign. And for smartphones, the biggest malware danger is from unsanctioned apps, not NSFW sites, he says.

Roy Atkinson, a senior analyst at HDI, a professional association and certification body for the technical service and support industry, sees no evidence of a widespread problem. When he specifically asked a couple of IT professionals who are responsible for mobile management in their organization, "they told me either 'we don't see it' or 'we make believe we don't see it,'" says Atkinson. "People don't really want to think about this or talk about it much."

Escalate or let it go?
Whatever the frequency, when and if NSFW issues do arise, the IT department often winds up functioning as a "first responder" that has to decide whether to escalate the incident or let it go. "If somebody complains about [a co-worker] displaying pictures on their smartphone at a meeting . . . then the company's acceptable use policy will come into play," says Atkinson. Or if IT employees find malware that came from a porn site and could endanger the network, they may say something -- to the employee or to a manager. "But as we know, policies are enforced somewhat arbitrarily," Atkinson says.

 
